Conflicting nodemon dependency with non-vulnerable version of got

[kvnshu]

• Versions: 2.0.18
• nodemon -v: 2.0.18
• Operating system/terminal environment (powershell, gitshell, etc): powershell
• Using Docker? What image: N/A
• Command you ran: N/A

Expected behaviour

I'm currently building an app, and got a Dependabot alert to update the got package. The current version of got on my app is 9.6.0 and the desired version is 11.8.5.

Actual behaviour

When attempting to update via Dependabot, I get the following message on Github:

Dependabot cannot update got to a non-vulnerable version
The latest possible version that can be installed is 9.6.0 because of the following conflicting dependency:
nodemon@2.0.18 requires got@^9.6.0 via a transitive dependency on package-json@6.5.0

Steps to reproduce

I'm not too sure. Clone my app at commit c5f0832 and wait for Dependabot alert?

---

If applicable, please append the --dump flag on your command and include the output here ensuring to remove any sensitive/personal details or tokens.

[skubot]

Upgrading dependency update-notifier to v6.0.2 should fix this.

[huineng]

handled here #2033

[github-actions]

This issue has been automatically marked as idle and stale because it hasn't had any recent activity. It will be automtically closed if no further activity occurs. If you think this is wrong, or the problem still persists, just pop a reply in the comments and @remy will (try!) to follow up.
Thank you for contributing <3

[remy]

Resolved.